The European Union’s General Data Protection Regulation (GDPR) will be taking effect on May 25, 2018 and will affect SpotMe’s and our customers’ business operations. More information on GDPR can be found on http://europa.eu/dataprotection.
As compliance with data protection legislation is crucial for SpotMe’s and our customers’ businesses, SpotMe has taken the following steps with regard to the data processing operations SpotMe carries out in light of the changing privacy legislation framework:
- External Data Protection Officer appointed by SpotMe; Dr. Christian Rauda is the SpotMe Data Protection Officer and can be contacted at email@example.com
- Detailed Data Breach Notification Policy, Regulatory Request Procedure and other privacy-related policies and procedures compliant with the GDPR requirements;
- Maintenance of up-to-date records of SpotMe data processing activities;
- Privacy awareness training for SpotMe staff;
- Collaboration between SpotMe privacy team and SpotMe engineering team supporting the privacy-by-design concept;
- Technical and operational processes in place to ensure data subjects’ rights under GDPR can be met, e.g. right to be forgotten or full workspace deletion (ensured through remote data wipe options & certified data deletion option);
- Implemented Technical and Organizational Measures in line with the GDPR requirements for the purposes of assuring the security of the data processing activities carried out by SpotMe on behalf of its customers;
- Data hosting in the jurisdiction of the client’s choice: U.S., The Netherlands, Germany, Switzerland, Singapore or Australia.
All of the above assertions are the subject of specific controls contained in the SpotMe SOC2 report audited by Mazars Ltd. (Report on SpotMe Holding SA Description of its SpotMe Enterprise Engagement Platform System and on the Suitability of the Design of Controls Relevant to the Security, Availability, Confidentiality and Privacy Principles.) Please contact us at firstname.lastname@example.org for more information on GDPR or, if you are a SpotMe client, to request a copy of the SpotMe SOC2 report.
If you are a SpotMe client, you need to undertake the following two steps to implement GDPR for your apps:
- Execute a Data Processing Agreement (DPA)
Please contact your SpotMe account manager if you require any assistance.
Data Processing Agreement (DPA)
As part of its GDPR implementation, effective March 31, 2018, SpotMe will bundle a GDPR-compliant Data Processing Addendum with its Contractual Documents. For any service agreement entered into prior to March 31, 2018, and where applicable, SpotMe will work with its customers to enter into a separate GDPR-compliant Data Processing Addendum. The execution of such an Addendum is for the mutual benefit of both SpotMe and its customers and will contribute to our successful partnership in the future.
Your legal team may request a Data Processing Agreement (DPA) for SpotMe processing activities. A pre-signed DPA can be requested from your SpotMe account manager.
GDPR In a Nutshell
For GDPR tips, see CEO Pierre Metrailler join the conversation at Event Tech Live 2017.